Introduction
In the history of the Internet, security has always been a topic that developers attach great importance to. To secure data transmission we need to guarantee the source of the data (requests cannot be forged), its integrity (it has not been modified) and its confidentiality (it travels as ciphertext and cannot be read directly). HTTPS already provides all three through SSL/TLS, but TLS protects the data only on the wire between the client and the server endpoint: it depends on the client's (browser's) implementation and certificate validation being correct, and once the connection is terminated at a load balancer, proxy or gateway the data is plaintext again. For that reason particularly sensitive data (transaction and payment information, for example) is often additionally encrypted or signed at the application layer, and many payment interfaces require it.
A general web developer does not need a deep understanding of the underlying security technologies, but knowing the basics of cryptography and being able to use the existing cryptographic tools correctly is essential. Due to work needs, I read a number of articles on encryption and, combined with my own experience, wrote this summary.
Encryption Basics
Before learning how to use encryption, we need to understand some of the basics of cryptography.
Cryptographic algorithms are generally divided into two kinds: symmetric encryption algorithm and asymmetric encryption algorithm.
Symmetric encryption
In a symmetric encryption algorithm the sender and the receiver share the same key: the sender encrypts the data with the key and the receiver decrypts it with that same key to recover the information. Common symmetric algorithms are DES, AES and 3DES. Of these only AES should be used for new work: DES has a 56-bit key that can be brute-forced, and 3DES is deprecated because of its 64-bit block size.
Characteristics of symmetric encryption: it is fast, and the ciphertext is roughly the same size as the plaintext (at most one block of padding is added). The hard problem is key distribution and storage: the same secret must exist at both ends, so if either the sender's or the receiver's copy of the key is leaked, all traffic protected by that key becomes readable.
Asymmetric encryption
Asymmetric encryption is the opposite of symmetric encryption. Its core idea is to use a pair of related keys, a public key and a private key: the private key is kept by its owner and the public key is published. Data encrypted with the public key can only be decrypted with the corresponding private key, so to send a message you only need to encrypt it with the receiver's public key before transmission. The reverse operation, applying the private key to data so that anyone holding the public key can check the result, is a digital signature rather than encryption: it proves who produced the data but does not hide it. Common asymmetric algorithms are RSA, which supports both encryption and signatures, and DSA, which is a signature-only algorithm and cannot encrypt.
Asymmetric encryption avoids the shared-secret problem, but it is computationally expensive and therefore slow, and a single RSA operation can only process a message shorter than the key modulus (minus the padding overhead). Encrypting a large message by splitting it into key-sized chunks works, but the standard practice is hybrid encryption: encrypt the data with a random symmetric key and use the asymmetric key only to encrypt that symmetric key.
Hash functions and digital signatures
To check the integrity of data, a fixed-length digest is computed from it with a cryptographic hash function. The hash by itself is not a digital signature: a signature is produced by hashing the data and then transforming that hash with a private key, so that anyone holding the public key can verify both who signed the data and that it has not been modified. A cryptographic hash function has these features:
• No matter how large the input is, the output has the same fixed length;
• The same input always produces the same output;
• A minor change to the input produces a completely different output;
• The process is one-way: the original data cannot be recovered from the hash, and it should be infeasible to find two different inputs with the same hash.
Common hash algorithms are MD5, SHA-1 and the SHA-2 family (SHA-256 and so on). MD5 and SHA-1 are broken with respect to collisions and must no longer be used for signatures or integrity checks; use SHA-256 or stronger.
The OpenSSL extension of PHP
The OpenSSL extension wraps the OpenSSL library and exposes a number of PHP functions for encryption, decryption, signing and verification, which greatly simplifies working with encrypted data. The commonly used functions are:
Symmetric cryptography Related:
string|false openssl_encrypt(string $data, string $method, string $key [, int $options = 0 [, string $iv = "" [, string &$tag = null [, string $aad = "" [, int $tag_length = 16]]]]])
Where $data is the data to encrypt, $method is the cipher to use, $key is the key (for AES it must be the raw key of the right length, e.g. 32 bytes for AES-256, not a human password), $options is usually OPENSSL_RAW_DATA (without it the function returns base64-encoded ciphertext), and $iv is the initialisation vector, which must be fresh random bytes for every message and is sent alongside the ciphertext; the $tag, $aad and $tag_length parameters apply only to authenticated modes such as GCM. The function returns the ciphertext, or false on failure.
The list of valid $method values can be obtained with openssl_get_cipher_methods(); we pick one of them. The list looks like:
Array ( 0 => AES-128-CBC, //AES encryption 1 => DES-ECB, //DES encryption 2 => DES-EDE3, //3DES encryption ... )
Avoid ECB mode entirely (identical plaintext blocks produce identical ciphertext blocks), and prefer an authenticated mode such as AES-256-GCM, which detects tampering, over plain CBC.
Its decryption counterpart is string|false openssl_decrypt(string $data, string $method, string $key [, int $options = 0 [, string $iv = "" [, string $tag = null [, string $aad = ""]]]]), called with the same cipher, key, options and IV that were used for encryption; it returns false when decryption fails, which in GCM mode includes a failed authentication-tag check.
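The following is an added example, not code from the original article, showing the symmetric pair in authenticated mode (AES-256-GCM): a fresh random IV per message, the tag stored next to the ciphertext, and decryption that fails closed when the ciphertext or the associated data has been altered. It assumes PHP 7.1 or later (the tag parameters of openssl_encrypt()/openssl_decrypt()) with the openssl extension loaded; the key, payload and associated-data strings are constructed for the demo.

```php
<?php
declare(strict_types=1);

// AES-256 in GCM mode: confidentiality plus an authentication tag, so any
// modification of the ciphertext is detected at decryption time.
const CIPHER  = 'aes-256-gcm';
const TAG_LEN = 16;

// A real key comes from a KMS, random_bytes() or a KDF; it must be 32 raw
// bytes for AES-256, never a password passed straight in as the "passphrase".
function make_key(): string
{
    return random_bytes(32);
}

// Encrypts $plaintext and returns iv . tag . ciphertext as one binary string.
// A fresh random IV per message is mandatory: reusing an IV under the same
// GCM key destroys both confidentiality and the authentication guarantee.
function encrypt_message(string $key, string $plaintext, string $aad = ''): string
{
    $iv  = random_bytes(openssl_cipher_iv_length(CIPHER)); // 12 bytes for GCM
    $tag = '';
    $ct  = openssl_encrypt($plaintext, CIPHER, $key, OPENSSL_RAW_DATA, $iv, $tag, $aad, TAG_LEN);
    if ($ct === false) {
        throw new RuntimeException('encrypt failed: ' . openssl_error_string());
    }
    return $iv . $tag . $ct;
}

// Decrypts a blob produced by encrypt_message(). Returns null when the tag
// check fails (wrong key, corrupted or tampered ciphertext, AAD mismatch).
// There is deliberately no fallback to unauthenticated decryption.
function decrypt_message(string $key, string $blob, string $aad = ''): ?string
{
    $ivLen = openssl_cipher_iv_length(CIPHER);
    if (strlen($blob) < $ivLen + TAG_LEN) {
        return null; // too short to even contain IV and tag
    }
    $iv  = substr($blob, 0, $ivLen);
    $tag = substr($blob, $ivLen, TAG_LEN);
    $ct  = substr($blob, $ivLen + TAG_LEN);
    $pt  = openssl_decrypt($ct, CIPHER, $key, OPENSSL_RAW_DATA, $iv, $tag, $aad);
    return $pt === false ? null : $pt;
}

// Constructed sample input for the demo.
$key  = make_key();
$aad  = 'order-id:12345';                 // authenticated but not encrypted
$blob = encrypt_message($key, '{"amount":"19.99","card":"4111..."}', $aad);

// Round trip with the right key and the same associated data succeeds.
var_dump(decrypt_message($key, $blob, $aad));

// Flip one bit of the ciphertext: the GCM tag no longer matches, so
// openssl_decrypt() returns false and decrypt_message() returns null.
$tampered = $blob;
$last = strlen($tampered) - 1;
$tampered[$last] = chr(ord($tampered[$last]) ^ 0x01);
var_dump(decrypt_message($key, $tampered, $aad));

// Presenting the ciphertext under a different order id also fails the tag
// check, which is how AAD binds context to a message.
var_dump(decrypt_message($key, $blob, 'order-id:99999'));
```

The associated data (here the order id) is the piece practitioners most often omit: without it a valid ciphertext from one context can be replayed in another and still decrypt cleanly.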
Asymmetric encryption Related:
openssl_get_publickey() / openssl_pkey_get_public(): load a public key (openssl_get_publickey() is an alias of openssl_pkey_get_public()); openssl_get_privatekey() / openssl_pkey_get_private(): load a private key (again one is an alias of the other).
Each takes either the PEM text itself (a key, or for the public-key functions an X.509 certificate, from which the public key is extracted) or a "file://" URI pointing at the .pem file. Note the file:// prefix: a bare filename is treated as PEM text and fails. Both return false when the key cannot be parsed, and that return value must be checked before the key is used.
bool openssl_public_encrypt(string $data, string &$crypted, mixed $key [, int $padding = OPENSSL_PKCS1_PADDING])
Encrypts the data with the public key: $data is the data to encrypt, $crypted is a reference variable that receives the ciphertext, and $key is the public key (the value returned by openssl_pkey_get_public(), or the PEM text). RSA can only encrypt a single block no longer than the key modulus (256 bytes for a 2048-bit key), and $padding selects how the message is expanded to that length. The options are OPENSSL_PKCS1_PADDING (PKCS#1 v1.5, the default; at most modulus length minus 11 bytes of data), OPENSSL_PKCS1_OAEP_PADDING (OAEP, the recommended choice for new code, since PKCS#1 v1.5 encryption is exposed to padding-oracle attacks when decryption failures are observable by the attacker) and OPENSSL_NO_PADDING, which requires the input to be exactly the modulus length and is not secure for general use. The function returns true on success and false on failure; passing more data than the padding allows is one cause of failure.
The counterparts, with the same parameter layout, are:
openssl_private_decrypt(); // decrypt with the private key (what the receiver calls)
openssl_private_encrypt(); // "encrypt" with the private key, i.e. the raw signature primitive; only OPENSSL_PKCS1_PADDING and OPENSSL_NO_PADDING are accepted here
openssl_public_decrypt(); // "decrypt" with the public key, recovering data produced by openssl_private_encrypt()
There are also signature and verification functions:
bool openssl_sign(string $data, string &$signature, mixed $priv_key_id [, mixed $signature_alg = OPENSSL_ALGO_SHA1])
int|false openssl_verify(string $data, string $signature, mixed $pub_key_id [, mixed $signature_alg = OPENSSL_ALGO_SHA1])
Signing: $data is the data to sign, $signature is a reference variable that receives the signature, $priv_key_id is the private key used for signing, and $signature_alg is the digest algorithm (an OPENSSL_ALGO_* constant or an algorithm name). The supported digests can be listed with openssl_get_md_methods(), which returns something like:
Array ( 0 => MD5, 1 => SHA1, 2 => SHA256, ...)
Do not rely on the default: OPENSSL_ALGO_SHA1 remains the default of both functions for compatibility, but SHA-1 is no longer acceptable for signatures, so pass OPENSSL_ALGO_SHA256 (or stronger) explicitly, and the verifier must use the same digest.
Verification: the same as signing, except that the public key corresponding to the private key is passed in. The return value is 1 if the signature is valid, 0 if it is invalid, and -1 (or false on PHP 8) on error such as a malformed key or signature; compare the result to 1 with ===, because treating any non-zero value as success would accept the error case.
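As an added example (not code from the original article), the sign/verify pair used as the text describes, with SHA-256 requested explicitly and the verifier accepting only a return value of exactly 1. The key pair is generated in memory with openssl_pkey_new() so the script runs stand-alone; in real use the keys would be loaded with openssl_pkey_get_private('file:///path/to/key.pem') and the public-key counterpart. It assumes PHP 7.1 or later with the openssl extension; the message strings are constructed for the demo.

```php
<?php
declare(strict_types=1);

// Generates an RSA key pair for the demo and returns [privatePem, publicPem].
function generate_rsa_keypair(int $bits = 2048): array
{
    $res = openssl_pkey_new([
        'private_key_type' => OPENSSL_KEYTYPE_RSA,
        'private_key_bits' => $bits,
    ]);
    if ($res === false) {
        throw new RuntimeException('key generation failed: ' . openssl_error_string());
    }
    $privPem = '';
    openssl_pkey_export($res, $privPem);               // unencrypted PEM, demo only
    $pubPem = openssl_pkey_get_details($res)['key'];   // matching public key PEM
    return [$privPem, $pubPem];
}

// Signs $data with the private key using RSA with SHA-256 (not the SHA-1
// default) and returns the raw signature bytes.
function sign_data(string $data, string $privPem): string
{
    $priv = openssl_pkey_get_private($privPem);
    if ($priv === false) {
        throw new RuntimeException('cannot load private key: ' . openssl_error_string());
    }
    $signature = '';
    if (!openssl_sign($data, $signature, $priv, OPENSSL_ALGO_SHA256)) {
        throw new RuntimeException('signing failed: ' . openssl_error_string());
    }
    return $signature;
}

// Returns true only when openssl_verify() returns exactly 1. Both 0 (bad
// signature) and -1/false (error: malformed key or signature) are rejected,
// so an error path can never be mistaken for a successful verification.
function verify_data(string $data, string $signature, string $pubPem): bool
{
    $pub = openssl_pkey_get_public($pubPem);
    if ($pub === false) {
        return false;
    }
    // The digest must match what the signer used; a SHA-1 verifier would
    // reject this SHA-256 signature even though the key is right.
    return openssl_verify($data, $signature, $pub, OPENSSL_ALGO_SHA256) === 1;
}

// Constructed demo: sign a payment-style message, then check three cases.
[$priv, $pub] = generate_rsa_keypair();
$msg = 'amount=100&to=merchant-42&nonce=7f3a';
$sig = sign_data($msg, $priv);

var_dump(verify_data($msg, $sig, $pub));                          // genuine message
var_dump(verify_data('amount=999&to=merchant-42&nonce=7f3a', $sig, $pub)); // altered field
var_dump(verify_data($msg, 'not-a-signature', $pub));             // malformed signature
```

For transport the raw signature is normally base64-encoded (base64_encode($sig)) and decoded again before verification; the comparison is always done on the raw bytes.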
Encryption instance
Here is a small example of asymmetric encryption: the body of a function that receives the plaintext in $raw_msg and returns the ciphertext, or an empty string on any failure.
// Get the public key (the extension expects PEM text or a file:// URI, not a bare path)
$pub_key = openssl_pkey_get_public('file://test.pem');
if ($pub_key === false) {
    return '';
}
// With PKCS#1 v1.5 padding each block may hold at most (modulus bytes - 11) bytes,
// e.g. 245 bytes for a 2048-bit key, so the chunk size is derived from the key
$key_size = intdiv(openssl_pkey_get_details($pub_key)['bits'], 8) - 11;
$encrypted = '';
// Data chunked encryption
for ($offset = 0, $length = strlen($raw_msg); $offset < $length; $offset += $key_size) {
    $encryptedBlock = '';
    $data = substr($raw_msg, $offset, $key_size);
    if (!openssl_public_encrypt($data, $encryptedBlock, $pub_key, OPENSSL_PKCS1_PADDING)) {
        return '';
    }
    $encrypted .= $encryptedBlock;
}
return $encrypted;
The receiver reverses this by splitting the ciphertext into blocks of the full modulus length (256 bytes for a 2048-bit key) and calling openssl_private_decrypt() on each one.
Symmetric encryption is simpler: call openssl_encrypt() directly, remembering to generate a fresh random IV for each message and to send it along with the ciphertext.
Of course, some interfaces have their own requirements for the encryption scheme, such as a different padding mode or block size, and the code has to be adjusted to match the interface's specification.
Because we are working with HTTP data, once the data has been encrypted it can be sent directly without further concern for the underlying transport; the interface can be requested with the curl or SOAP extension. Binary ciphertext should be base64-encoded (or hex-encoded) before it is placed in a form field or JSON body.
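The chunked loop above works, but the approach the interface specifications usually expect for anything larger than a few hundred bytes is hybrid (envelope) encryption. The following added example, not code from the original article, shows it with the same extension: RSA with OAEP padding wraps a one-time AES-256 key, and AES-256-GCM encrypts the payload. It also shows why chunking is needed at all by computing the largest plaintext openssl_public_encrypt() will accept and demonstrating the failure on a larger input. It assumes PHP 7.1 or later with the openssl extension; the key pair is generated in memory and the payload is constructed for the demo.

```php
<?php
declare(strict_types=1);

// Demo key pair; real code loads keys via openssl_pkey_get_public('file://...').
function demo_keypair(): array
{
    $res = openssl_pkey_new(['private_key_type' => OPENSSL_KEYTYPE_RSA, 'private_key_bits' => 2048]);
    if ($res === false) {
        throw new RuntimeException('key generation failed: ' . openssl_error_string());
    }
    $privPem = '';
    openssl_pkey_export($res, $privPem);
    return [$privPem, openssl_pkey_get_details($res)['key']];
}

// Largest single plaintext openssl_public_encrypt() accepts for this key:
// modulus bytes minus the padding overhead (11 bytes for PKCS#1 v1.5,
// 42 bytes for OAEP, which PHP's binding uses with SHA-1 as the MGF hash).
function rsa_max_plaintext(string $pubPem, int $padding): int
{
    $bytes = intdiv(openssl_pkey_get_details(openssl_pkey_get_public($pubPem))['bits'], 8);
    return $bytes - ($padding === OPENSSL_PKCS1_OAEP_PADDING ? 42 : 11);
}

// Envelope: RSA-OAEP wraps a random data-encryption key (DEK); AES-256-GCM
// encrypts the payload under that DEK. Everything is base64 for transport.
function envelope_encrypt(string $pubPem, string $plaintext): array
{
    $dek = random_bytes(32);
    $pub = openssl_pkey_get_public($pubPem);
    $wrapped = '';
    if ($pub === false || !openssl_public_encrypt($dek, $wrapped, $pub, OPENSSL_PKCS1_OAEP_PADDING)) {
        throw new RuntimeException('key wrap failed: ' . openssl_error_string());
    }
    $iv  = random_bytes(12);            // fresh per message, GCM standard length
    $tag = '';
    $ct  = openssl_encrypt($plaintext, 'aes-256-gcm', $dek, OPENSSL_RAW_DATA, $iv, $tag);
    if ($ct === false) {
        throw new RuntimeException('payload encryption failed: ' . openssl_error_string());
    }
    return [
        'key'  => base64_encode($wrapped),
        'iv'   => base64_encode($iv),
        'tag'  => base64_encode($tag),
        'data' => base64_encode($ct),
    ];
}

// Unwraps the DEK with the private key, then authenticates and decrypts the
// payload. Returns null on any failure (bad key, tampered ciphertext).
function envelope_decrypt(string $privPem, array $env): ?string
{
    $priv = openssl_pkey_get_private($privPem);
    $dek  = '';
    if ($priv === false
        || !openssl_private_decrypt(base64_decode($env['key']), $dek, $priv, OPENSSL_PKCS1_OAEP_PADDING)) {
        return null;
    }
    $pt = openssl_decrypt(base64_decode($env['data']), 'aes-256-gcm', $dek, OPENSSL_RAW_DATA,
                          base64_decode($env['iv']), base64_decode($env['tag']));
    return $pt === false ? null : $pt;
}

// Constructed demo payload: about 2 KB, far larger than one RSA block.
[$priv, $pub] = demo_keypair();
$payload = str_repeat('{"card":"4111111111111111","amount":"19.99"}', 50);

// Direct RSA refuses it: 2048-bit key gives 245 usable bytes with PKCS#1 v1.5.
var_dump(rsa_max_plaintext($pub, OPENSSL_PKCS1_PADDING));
$out = '';
$ok  = openssl_public_encrypt($payload, $out, openssl_pkey_get_public($pub), OPENSSL_PKCS1_PADDING);
var_dump($ok); // false: "data too large for key size"

// The envelope handles any size, and the round trip reproduces the payload.
$env = envelope_encrypt($pub, $payload);
var_dump(envelope_decrypt($priv, $env) === $payload);

// Prepending one byte to the ciphertext breaks the GCM tag: result is null.
$env['data'] = base64_encode('x' . base64_decode($env['data']));
var_dump(envelope_decrypt($priv, $env));
```

Compared with chunking, this needs one RSA operation per message instead of one per block, and the GCM tag gives the receiver an integrity check that raw RSA-PKCS1 blocks do not provide.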
Conclusion
Cryptography is an advanced discipline with difficult theory and a wide range of concepts. As web developers we do not need to study its underlying implementations, but learning to use the encapsulated methods correctly helps our development, and understanding the basic mechanics lets us reason by analogy about other algorithms.
This concludes the summary of using PHP's OpenSSL encryption extension (originally published on topic.alibabacloud.com); I hope it serves as a useful reference.